tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <>
Subject JNDI resources available to auth realms?
Date Wed, 05 Jan 2005 23:54:08 GMT

A while back I did some patch work on the catalina.realm.JAASRealm 
class. I learned a lot in the process.

Shortly thereafter, I wrote a (personal) JAAS LoginModule that uses a 
JDBC database as the authentication data source. It works great. One of 
the things I wished I could incorporate into the LoginModule was the 
ability to leverage Tomcat-managed JNDI resources. That way, I could 
take advantage of connection pooling, reduce the need to spray 
credentials into JAAS conf files, etc.

I tried to do it, but couldn't make it work. After many days of 
troubleshooting and debugging, I realized the source of the problem. 
JNDI resources did not seem to be available to the threads that call 
JAASRealm (or any other realms, for that matter). I noted that the 
JDBCRealm has this TODO:

   Support connection pooling (including message
   format objects) so that <code>authenticate()</code> does not have to 
   synchronized and would fix the ugly connection logic.

Making JNDI resources available to the realms would fix my problem and 
this one too; all that would be required would be some sort of 
JNDICallback that JAASCallbackHandler could use to satisfy a JNDI 
resource request by the JAAS login module. Assuming that making JNDI 
resources (read-only copies of the global + local context resources) 
available is a good idea, what's the best way to go about it? I looked 
at quite a bit of code in catalina/naming and other places; it wasn't 
very obvious how to do it.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message